Monday, July 25, 2011

Web App Pen-testing Learning

Learning LAB:
OWASP Broken Web Applications Project

Content:
Intentionally Vulnerable Applications:
  • OWASP WebGoat version 5.3.x (Java)
  • OWASP Vicnum version 1.4 (PHP/Perl)
  • Mutillidae version 1.5 (PHP)
  • Damn Vulnerable Web Application version 1.07.x (PHP)
  • Ghost (PHP)
  • Peruggia version 1.2 (PHP)
  • OWASP CSRFGuard Test Application version 2.2 (Java)
  • OWASP AppSensor Demo Application (Java)
  • Mandiant Struts Forms (Java/Struts)
  • Simple ASP.NET Forms (ASP.NET/C#)
  • Simple Form with DOM Cross Site Scripting (HTML/JavaScript)
Old Versions of Real Applications:
  • WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
  • phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
  • Yazd version 1.0 (Java, released February 20, 2002)
  • gtd-php version 0.7 (PHP, released September 30, 2006)
  • OrangeHRM version 2.4.2 (PHP, released May 7, 2009)
  • GetBoo version 1.04 (PHP, released April 7, 2008) 

Project download:
http://sourceforge.net/projects/owaspbwa/files/

Download and unzip the archive, then run the virtual machine in VMware Player/Workstation.
The main page:
